EUVD-2000-0126

Malware in sbrugna...

Progress 3.1 Webspeed _CPYFile.P Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23634/info Progress WebSpeed is prone to a vulnerability that lets attackers gain unauthorized access to and execute administrative scripts. An attacker may leverage this issue to create and execute malicious WebSpeed cod...

Progress WebSpeed 3.0/3.1 - Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23778/info WebSpeed is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. Successful exploits can allow attackers to cause the application to become unresponsive, denying...

Webspeed OpenEdge Dos exploit

Webspeed OpenEdge Dos exploit Bug Discovered By :Eelko Neven Exploit Coded By spyMASter eklimizide koyalm : www.ulpow.net The Eliminators of the Web First you have to find the messenger execution url. For example: http://target/scripts/cgiip.exe/WService=wsbroker1...

Multiple Denial of Service attacks possible for Webspeed OpenEdge

Denial of Service attack against OpenEdge WebSpeed possible through dict.r. 11-5-2007 author: Eelko Neven discovered: 9-5-2007 Because of poor security in dict.r it is possible to put all agents in busy mode. First you have to find the messenger execution url. For example:...

CVE-2007-2506

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service infinite loop and daemon hang via a messenger URL that invokes edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or...

Code injection

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service infinite loop and daemon hang via a messenger URL that invokes edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or...

CVE-2007-2506

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service infinite loop and daemon hang via a messenger URL that invokes edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or...

CVE-2007-2506

This CVE concerns WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e and some 9.x variants. The vulnerability allows remote attackers to cause a denial of service (infinite loop and daemon hang) by requesting a messenger URL that calls _edit.r with no additional parameters, demonstr...

Disable website access for sites running Webspeed

edit.r Busy agents exploit. 1-5-2007 author: Eelko Neven discovered: 28-4-2007 tested: Windows 2000 server & Windows 2003 server Because of poor security in edit.r it is possible to put all agents in busy mode. First you have to find the messenger execution url. For example:...

Progress WebSpeed 3.0/3.1 - Denial of Service

//source: https://www.securityfocus.com/bid/23778/info // //WebSpeed is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. // //Successful exploits can allow attackers to cause the application to become unresponsive, denying service to legitimate...

Progress WebSpeed 3.03.1 - Denial of Service

Progress WebSpeed 3.03.1 - Denial of Service //source: https://www.securityfocus.com/bid/23778/info // //WebSpeed is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. // //Successful exploits can allow attackers to cause the application to becom...

Information disclosure

Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information...

CVE-2007-2354

Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information...

CVE-2007-2354

Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information...

CVE-2007-2354

CVE-2007-2354 affects Progress Webspeed Messenger. The vulnerability arises from a WService parameter containing “wsbroker1/webutil/about.r” that can disclose operating system and product information to remote attackers, constituting an information-disclosure issue. The connected documents confir...

WebSpeed Development Mode Check

The remote web server is using WebSpeed, a website creation language used with database-driven websites. The installation of WebSpeed on the remote host is configured to operate in 'Development' rather than 'Production' mode, which could allow users to discover sensitive information and even run...

WebSpeed Workshop Arbitrary Command Execution

The remote web server appears to be using WebSpeed, a website creation language used with database-driven websites. The installation of WebSpeed on the remote host is configured to operate in 'Development' mode and allows access to the WebSpeed Workshop, an environment intended for developing...

Code injection

Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/cpyfile.p in the WService parameter to 1 cgiip.exe or 2 wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName...

CVE-2007-2266

Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/cpyfile.p in the WService parameter to 1 cgiip.exe or 2 wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName...